IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [letsencrypt]

An initiative from the Electronic Frontier Foundation (EFF), Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to automatically provide every domain owner with a recognized certificate that can be used for TLS.

Let's Encrypt is a certificate authority that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the hitherto complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

source Wikipedia:

82 questions
1
vote
1 answer

LetsEncrypt / Exim4 / GnuTLS / cert chaining: "The provided X.509 certificate list is not sorted" error

From what I can determine, you generate a LetsEncrypt certificate that includes the full cert chain thus: # run lets-enc the usual way # then ..: wget -O intermediate.pem https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem cat DOMAIN.crt…
Matthias Urlichs
  • 113
  • 5
0
votes
2 answers

Why does anyone not use Let's Encrypt?

Let's Encrypt offers free TLS certificates, including wildcard certificates. Is there ever a reason to pay for a certificate? Is it just "we have to pay for everything so we can sue someone if something breaks" corporate policies?
Someone
  • 115
  • 4
0
votes
1 answer

Are self-signed certificates better for local usage?

When generating a certificate what would more secure - generating a self-signed certificate using PGP or using a public CA like Let's Encrypt? We are using it for signing and encrypting. What are the advantages and disadvantages?
Munchkin
  • 212
  • 2
  • 10
0
votes
1 answer

Openssl and Let's Encrypt Cert Chain

I'm trying to understand openssl and some cert issues I was trying to track down. These certs were issued from Let's Encrypt. I will use their site as an example because I see the same behavior there. First, I run openssl (OpenSSL 3.0.1 14 Dec…
AnaphylacticInternet
  • 3
  • 2
0
votes
1 answer

What could cause classic "ERR_CERT_DATE_INVALID" when I can confirm no error from numerous other clients?

The ERR_CERT_DATE_INVALID error, I'm sure we're all familiar with, is below Visiting the same site from numerous other locations, web clients, etc shows a valid certificate. It's issued by let's encrypt (cert-bot) and auto-renews. Thousands of…
TCooper
  • 336
  • 1
  • 8
0
votes
1 answer

mTLS Client Authentication by Signing Arbitrary Message using Browser

this is my first post here in the area of ​​security and encryption. I will try to be succinct, and let you know that I am not an expert in security. Context: My client (visitor) has an X509 certificate installed on his machine, containing its…
Bruno Alano
  • 101
  • 1
0
votes
0 answers

Certbot installation from cloudfront.net epel-release mirror

I'm setting up a website on a Centos7 VPS with certbot and let's encrypt. I am no expert on network security. I checked to see if my epel-release was pulling certbot from a legit mirror. I ran yum search epel-release three times back-to-back and…
myke
  • 13
  • 2
0
votes
1 answer

pfsense subdomain timeout with error 522

I want to attach a valid ssl subdomain to my pfsense. I would check it (with warnings) via my the pfsense's IP 192.168.11.1 . I used multiple tutorials to come up with the following: Bought a domain Set the domain's namespace to cloudflair Setup an…
SILENT
  • 166
  • 5
0
votes
1 answer

Is it possible to additionally sign a Let's Encrypt certificate with another self-signed root certificate?

I have a certificate for my web service issued with Let's Encrypt. Another service that communicates with my web service requires that my certificate must be signed with theirs, otherwise their client will abort the connection…
user2530062
  • 163
  • 6
0
votes
1 answer

Where is ISRG Root X1 certificate on Windows 10?

Have a look here: https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html First paragraph says: "As of the end of July 2018, the Let’s Encrypt root, ISRG Root X1, is directly trusted by Microsoft products." I have just checked my…
StanTastic
  • 173
  • 1
  • 9
0
votes
0 answers

Domain Joined computer doesn't browser properly with any website with Let's Encrypt CA cert

Navigating to any website with Let's Encrypt CA cert and even after enabling the HTTPS Everywhere addon, I'm getting "Your connection is not private". Getting this error from all the browser except Firefox The certificate cannot be verified up to a…
Nɪsʜᴀɴᴛʜ ॐ
  • 111
  • 4
0
votes
1 answer

Using LetsEncrypt certificates for WiFi network authentication

I am helping my school IT set up a RADIUS authentication system using PEAP/EAP-TTLS. We are able to achieve successful connection with the user devices, but the users need to accept a "Not trusted" self-signed certificate. I am considering using the…
Standstill
  • 103
  • 1
  • 3
0
votes
1 answer

Update letsencrypt certificates without changing the private key

I want to renew the letsencrypt certificate on my webserver but want to keep the private key same. I've installed the certificate using certbot 0.35.1 How can I update the certificate (preferably using certbot) without changing the private key? If…
Cool Breeze
  • 121
  • 1
  • 3
0
votes
2 answers

Are the letsencrypt clients audited?

When more and more webservers installs the letsencrypt client to have free letsencrypt certs, I was just thinking. Are the letsencrypt client(s) audited? Can they have malicious code in them?
Hessnov
  • 199
  • 1
  • 4
0
votes
2 answers

Letsencrypt does not work on Android

I have a digitalocean server (ubuntu 16.4 nginx) + serverpilot I installed letsencrypt Following the site tutorial: https: //www.robertwent.com/blog/using-letsencrypt-serverpilot/ Everything worked out, the result was this: https://testelcon2.tk The…
user7082272
  • 1
  • 1
1 2 3 4
5
6